CVE-2013-3619 — HIGH (8.1) — White Hats Nepal

Q: How severe is CVE-2013-3619?

CVE-2013-3619 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2013-3619?

Check the references section above for vendor advisories and patch information. Affected products include: Supermicro Smt X9 Firmware, Supermicro Sh7758, Supermicro Smt X8 Firmware, Supermicro Sh7757, Citrix Netscaler Sdx Firmware.

Vulnerability Description

Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain harcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Supermicro	Smt X9 Firmware	< 3.15
Supermicro	Sh7758	-
Supermicro	Smt X8 Firmware	< 3.12
Supermicro	Sh7757	-
Citrix	Netscaler Sdx Firmware	10
Citrix	Netscaler Sdx	-
Citrix	Netscaler Firmware	-
Citrix	Netscaler	-
Citrix	Netscaler Sd-Wan Firmware	-
Citrix	Netscaler Sd-Wan	-

Related Weaknesses (CWE)

CWE-798

References

http://support.citrix.com/article/CTX216642Third Party Advisory
https://community.rapid7.com/community/metasploit/blog/2013/11/05/supermicro-ipmThird Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/89044Third Party AdvisoryVDB Entry
https://support.citrix.com/article/CTX216642Third Party Advisory
https://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdfVendor Advisory
http://support.citrix.com/article/CTX216642Third Party Advisory
https://community.rapid7.com/community/metasploit/blog/2013/11/05/supermicro-ipmThird Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/89044Third Party AdvisoryVDB Entry
https://support.citrix.com/article/CTX216642Third Party Advisory
https://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdfVendor Advisory

FAQ

What is CVE-2013-3619?

CVE-2013-3619 is a vulnerability with a CVSS score of 8.1 (HIGH). Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 cont...

How severe is CVE-2013-3619?

CVE-2013-3619 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-3619?

Check the references section above for vendor advisories and patch information. Affected products include: Supermicro Smt X9 Firmware, Supermicro Sh7758, Supermicro Smt X8 Firmware, Supermicro Sh7757, Citrix Netscaler Sdx Firmware.